summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2022-08-08wireguard: add dos mitigation supportAlexander Chernavin11-68/+411
Type: feature With this change: - if the number of received handshake messages exceeds the limit calculated based on the peers number, under load state will activate; - if being under load a handshake message with a valid mac1 is received, but mac2 is invalid, a cookie reply will be sent. Also, cover these with tests. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I3003570a9cf807cfb0b5145b89a085455c30e717
2022-08-08ikev2: fix rekeying with multiple notify payloadsAtzm Watanabe2-6/+16
Type: fix Signed-off-by: Atzm Watanabe <atzmism@gmail.com> Change-Id: I065bd5c26055d863d786023970e7deeed261b31c
2022-08-05vnet: On rx-mode set, return error for an actual error.Wayne Morrison1-1/+6
In set_hw_interface_change_rx_mode(), when vnet_hw_if_set_rx_queue_mode() returns an error it actually returns success. This has been changed to return a clib_error_return() value. Type: fix Change-Id: Iba39c875d9e15463cb6492d8a966234560a1f522 Signed-off-by: Wayne Morrison <wmorrison@netgate.com>
2022-08-05tests: fix node variant selectionBenoît Ganne1-1/+1
Type: fix Fixes: 4830e4f78fb8e46b23a1a0711cd06969a77d8d95 Change-Id: Iddc73dbda633acd72bd82e52f8ae83c17e3940f6 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-08-05vppapigen: make json in parallelNathan Skrzypczak5-100/+140
Type: improvement This patches makes the make json-api-files run in parallel in the same python runtime. Default number of workers is 8, and run time goes from ~20s to ~2s on average. Change-Id: Id8cff013889db2671f6b6b4af9a019460c656f81 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2022-08-04tests: run a test inside a QEMU VMNaveen Joy6-0/+809
Use the script test/run.py to run a test named test_vm_tap inside a QEMU VM. The run script builds out a virtual env, launches a light weight QEMU VM, mounts host directories, starts VPP inside the VM and runs the test. The test named test_vm_tap, creates two tap v2 interfaces in separate Linux namespaces and using iPerf, streams traffic between the VM and VPP. All data files are stored in the directory named /tmp/vpp-vm-tests. To clean up, use the make test-wipe command. Usage: test/run.py --vm --debug --test test_vm_tap Type: improvement Change-Id: I4425dbef52acee1e5b8af5acaa169b89a2c0f171 Signed-off-by: Naveen Joy <najoy@cisco.com>
2022-08-04dpdk: enable interrupt support for vmxnet3Benoît Ganne1-0/+1
Type: feature Change-Id: I0abbe925d6b9d3dd7196cd8beaf4f471beb45bd6 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-08-04arping: validate am->interfaces before check addressGaoChX1-1/+2
May cause pointers point to unexpected non-zero addresses if not validate vec Type: fix Change-Id: Ie4d3343d6734125b98e0dc962e33e0c7514da829 Signed-off-by: GaoChX <chiso.gao@gmail.com>
2022-08-03wireguard: add processing of received cookie messagesAlexander Chernavin14-86/+507
Type: feature Currently, if a handshake message is sent and a cookie message is received in reply, the cookie message will be ignored. Thus, further handshake messages will not have valid mac2 and handshake will not be able to be completed. With this change, process received cookie messages to be able to calculate mac2 for further handshake messages sent. Cover this with tests. Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: I6d51459778b7145be7077badec479b2aa85960b9
2022-08-02ipsec: fix coverity warnings found in fast path implementationPiotr Bronowski2-14/+15
This patch fixes followig coverity issues: CID 274739 Out-of-bounds read CID 274746 Out-of-bounds access CID 274748 Out-of-bounds read Type: fix Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I9bb6741f100a9414a5a15278ffa49b31ccd7994f
2022-07-29ip6-nd: fix ip6 ra cli issueTakanori Hirano1-2/+1
Fix parse problem with per-prefix settings (e.g. valid-lifetime) in ip6 ra. Type: fix Signed-off-by: me@hrntknr.net Change-Id: I2a00bf5b9621ebc16211227d70e376fc2f61bae1
2022-07-28session: fix a crash when using unregistered transport protoFilip Tehlar2-1/+6
Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I39e3e007da2b99321bebf3e1c1ebb1d87547f532
2022-07-28ip6-nd: copy mac address to wrong buffer current_dataliangrq1-0/+2
Type: fix Receive router solicitation in pop vlan interface, it will cause copy mac address to wrong buffer current_data and can not reply the solicitation right Signed-off-by: liangrq <liangrq@efly.cc> Change-Id: Ic40a5a47a52c8187aaf6c6854df761529e6f24d9
2022-07-26vppinfra: fix formatting of format_base10Pim van Pelt2-6/+8
format_base10 reads 64b but is fed 32b values at the callsite; change to u64 consistently. The function has only one call site in interface/monitor.c which has a few additional bugs (spurious character, and ambiguous 'bits' versus 'bytes' in the output). Type: improvement Signed-off-by: Pim van Pelt <pim@ipng.nl> Change-Id: I360f0d439cc13c09bd3f53db8184bd12ad4bc2e9
2022-07-25libmemif: fix chain buffer supportMohsin Kazmi4-66/+38
Type: fix This patch fixes chain buffer support as transmit side missing to set the flag to the descriptor in case of chain buffers. Signed-off-by: Mohsin Kazmi <sykazmi@cisco.com> Change-Id: I73ff11be69a388f14fea39a19272d8eb76148fba
2022-07-21linux-cp: fix endianess for autoendian methodsStanislav Zaikin1-9/+9
If an API methos is specified as "autoendian" it should use macros with _END at the end. Type: fix Change-Id: I73b7b4f6996b30631c4355ace156ed0665c4b8ad Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
2022-07-20vcl: new vcl api to get detailed session errorsRadha krishna Saragadam3-0/+42
Sometimes VPP rejects application connection requests due to various reasons. Some errors application can retry to get a successful connection. In a non-blocking session, VCL sends EPOLLHUP. An application can call a new API vppcom_session_get_error to find the details and retry depending on the error. Type: fix Signed-off-by: Radha krishna Saragadam <krishna_srk2003@yahoo.com> Change-Id: If0e21a8e25701f66a190a2799b2209e0c31f897c
2022-07-19linux-cp: change namespace to netnsStanislav Zaikin2-33/+28
namespace is a keyword for c++ compilers Type: fix Change-Id: Ia8fc9ef1cc15fe9d0e40b3f543f9e8f411203b89 Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
2022-07-19stats: add loops per second counter in the stats segment.Radha krishna Saragadam1-3/+15
This change adds loops per second in the stats segment. Applications using the stats segment to monitor VPP can use this for better monitoring Type: fix Signed-off-by: Radha krishna Saragadam <krishna_srk2003@yahoo.com> Change-Id: I53081f40ee918eec9763513a639b9d8a02488b20
2022-07-19session: increase retries to grab mq lockRadha krishna Saragadam1-1/+1
With thousands of UDP sessions, Sometimes VPP needs more time to grab the MQ lock for a session. So increased tries from 5 to 75. Type: fix Signed-off-by: Radha krishna Saragadam <krishna_srk2003@yahoo.com> Change-Id: Id8b877255aedcdcf206e9d0869fe5246645d76e7
2022-07-19linux-cp: API downgrade due to namespace keywordMatthew Smith1-0/+5
Type: fix A user had trouble compiling C++ code to work with the linux-cp APIs because some messages contain a field called namespace, which is a reserved word for C++. We wish to rename those fields so the messages which are affected are being set to in_progress. Change-Id: I3bd1dc898c146a9980161a562b2b453313bb58fd Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2022-07-18dpdk: fix mlx5 dpdk init with no-multi-segTianyu Li1-1/+2
Build vpp with MLX DPDK PMD, make DPDK_MLX4_PMD=y DPDK_MLX5_PMD=y DPDK_MLX5_COMMON_PMD=y build-release With no-multi-seg in startup.conf, Mellanox NIC init failed with following message, rte_eth_rx_queue_setup[port:2, errno:-12]: Unknown error -12 mlx5_net: port 2 Rx queue 0: Scatter offload is not configured and no enough mbuf space(2176) to contain the maximum RX packet length(2065) with head-room(128) In Mellanox NIC PMD driver, 'di.max_rx_pktlen' is returned as 65536, and 'di.max_mtu' is returned as 65535, which makes the driver_frame_overhead logic not suitable for Mellanox NICs. So skip the logic code if MAX_MTU is returned as 65535. Type: fix Fixes: 1cd0e5dd533f ("vnet: distinguish between max_frame_size and MTU") Signed-off-by: Tianyu Li <tianyu.li@arm.com> Change-Id: I027b76b8d07fb453015b8eebb36d160b4bc8df9c
2022-07-15tests: add fast path ipv6 python tests for outbound policy matchingPiotr Bronowski2-6/+857
This patch introduces set of python tests for fast path ipv6, based on ipv4 tests. Some missing parts of ipsec framework has been added in order to test ipv6 implementation. Type: feature Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: Icc13322787d76485c08106bad2cb071947ad9846
2022-07-15ipsec: fast path outbound policy matching implementation for ipv6Piotr Bronowski8-171/+227
With this patch fast path for ipv6 policy lookup is enabled. This impelentation scales and outperforms original implementation when the number of defined flows is higher thatn 100k. Type: feature Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I9364b5b8db4fc708790d48c538add272c7cea400
2022-07-12quic: fix coverity warningFlorin Coras1-1/+2
Type: fix Fixes: 5b4b4c0 Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If4bd8f30cd23d862109cab665251ad89804b1734
2022-07-12perfmon: add Arm event bundlesZachary Leaf9-0/+874
Included statistic bundles (all NODE type): - Instructions and CPU cycles, including IPC - Data cache access/refills/% - Data TLB cache access/refills/% - Instruction cache access/refills/% - Instruction TLB cache access/refills/% - Memory/Bus accesses, memory errors - Branch (mis)predictions, architecturally & speculatively executed - Processor frontend/backend stalls (stalled cycles) Type: feature Signed-off-by: Zachary Leaf <zachary.leaf@arm.com> Tested-by: Jieqiang Wang <jieqiang.wang@arm.com> Change-Id: I7ea4a27c8df8fc7222b743a98bdceaff727e4112
2022-07-12perfmon: enable perfmon plugin for ArmZachary Leaf13-37/+659
This patch enables statistics from the Arm PMUv3 through the perfmon plugin. In comparison to using the Linux "perf" tool, it allows obtaining direct, per node level statistics (rather than per thread). By accessing the PMU counter registers directly from userspace, we can avoid the overhead of using a read() system call and get more accurate and fine grained statistics about the running of individual nodes. A demo of perfmon on Arm can be found at: https://asciinema.org/a/egVNN1OF7JEKHYmfl5bpDYxfF *Important Note* Perfmon on Arm is dependent on and works only on Linux kernel versions of v5.17+ as this is when userspace access to Arm perf counters was included. On most Arm systems, a maximum of 7 PMU events can be configured at once - (6x PMU events + 1x CPU_CYCLE counter). If some perf counters are in use elsewhere by other applications, and there are insufficient counters remaining to open the bundle, the perf_event_open call will fail (provided the events are grouped with the group_fd param, which perfmon currently utilises). See arm/events.h for a list of PMUv3 events available, although it is implementation defined whether most events are implemented or not. Only a small set of 7 events is required to be implemented in Armv8.0, with some additional events required in later versions. As such, depending on the implementation, some statistics may not be available. See Arm Architecture Reference Manual for Armv8-A, D7.10.2 "The PMU event number space and common events" for more information. arm/events.c:arm_init() gets information from the sysfs about what events are implemented on a particular CPU at runtime. Arm's implementation of the perfmon source callback .bundle_support uses this information to disable unsupported events in a bundle, or in the case no events are supported, disable the entire bundle. Where a particular event in a bundle is not implemented, the statistic for that event is shown as '-' in the 'show perfmon statistics' cli output, by disabling the column. There is additional code in perfmon.c to only open events which are marked as implemented. Since we're only opening and reading events that are implemented, some extra logic is required in cli.c to re-align either perfmon_node_stats_t or perfmon_reading_t with the column headings configured in each bundle, taking into account disabled columns. Userspace access to perf counters is disabled by default, and needs to be enabled with 'sudo sysctl kernel/perf_user_access=1'. There is a check built into the Arm event source init function (arm/events.c:arm_init) to check that userspace reading of perf counters is enabled in the /proc/sys/kernel/perf_user_access file. If the above file does not exist, it means the kernel version is unsupported. Users without a supported kernel will see a warning message, and no Arm bundles will be registered to use in perfmon. Enabling/using plugin: - include the following in startup.conf: - plugins { plugin perfmon_plugin.so { enable } - 'show perfmon bundle [verbose]' - show available statistics bundles - 'perfmon start bundle <bundle-name>' - enable and start logging - 'perfmon stop' - stop logging - 'show perfmon statistics' - show output For a general guide on using and understanding Arm PMUv3 events, see https://community.arm.com/arm-community-blogs/b/tools-software-ides-blog/posts/arm-neoverse-n1-performance-analysis-methodology Type: feature Signed-off-by: Zachary Leaf <zachary.leaf@arm.com> Tested-by: Jieqiang Wang <jieqiang.wang@arm.com> Change-Id: I0620fe5b1bbe78842dfb1d0b6a060bb99e777651
2022-07-12perfmon: make less arch dependentZachary Leaf8-101/+161
In preparation for enabling perfmon on Arm platforms, move some Intel /arch specific logic into the /intel directory and update the CMake to split the common code from arch specific files. Since the dispatch_wrapper code is very different on Arm/Intel, each arch can provide their own implementation + conduct any additional arch specific config e.g. on Intel, all indexes from the mmap pages are cached. The new method intel_config_dispatch_wrapper conducts this config and returns a pointer to the dispatch wrapper to use. Similarly, is_bundle_supported() looks very different on Arm/Intel, so each implementation is to provide their own arch specific checks. Two new callbacks/function ptrs are added in PERFMON_REGISTER_SOURCE to support this - .bundle_support and .config_dispatch_wrapper. Type: refactor Signed-off-by: Zachary Leaf <zachary.leaf@arm.com> Change-Id: Idd121ddcfd1cc80a57c949cecd64eb2db0ac8be3
2022-07-11wireguard: fix coverity warningsArtem Glazychev1-8/+8
Type: fix Signed-off-by: Artem Glazychev <artem.glazychev@xored.com> Change-Id: I62f13ee8cb9b86f8106505fd32a03d66c1a73bce
2022-07-08dpdk: add ID for 4xxx QAT VFMatthew Smith1-3/+5
Type: improvement Enable use of 4th gen QAT devices. Will be available on Sapphire Rapids. Signed-off-by: Matthew Smith <mgsmith@netgate.com> Change-Id: I89e7d29e10ecb4c36c700ff5e017796161ec6c5e
2022-07-06gre: fix returning the flags in the APIIvan Shvedunov1-0/+1
Type: fix Signed-off-by: Ivan Shvedunov <ivan4th@gmail.com> Change-Id: I5ecfb242e5905c9bd8ce19cd9ab6efd657ee14d4
2022-07-06vppinfra: fix memory leak in sparse_vec_free()Sergey Matov1-1/+4
Type: fix Signed-off-by: Ivan Shvedunov <ivan4th@gmail.com> Signed-off-by: Sergey Matov <sergey.matov@travelping.com> Change-Id: I4ec1a68b7266f05ab7c543cd8207afb29e740743
2022-07-06misc: pass NULL instead of 0 for pointer in variadic functionsAndreas Schultz5-18/+14
0 is not NULL (at least not in all cases), passing 0 into a variadic function in a place where the consumer reads it as pointer might leave parts of the pointer uninitilized and hence filled with random data. It seems that this used to work with gcc, but clang seems to treat the 0 in those places as a 32bit integer. Type: fix Signed-off-by: Ivan Shvedunov <ivan4th@gmail.com> Signed-off-by: Andreas Schultz <andreas.schultz@travelping.com> Change-Id: I37d975eef5a1ad98fbfb65ebe47d73458aafea00
2022-07-01buffers: protect against bad thread indicesJon Loeliger1-0/+3
There is a very rare bug in NAT processing that yeilds a thread index of ~0. When this happens, vlib_get_frame_queue_elt() suffers a segfault and VPP quits. Prevent an outright fault by dropping the packet instead. Type: fix Signed-off-by: Jon Loeliger <jdl@netgate.com> Change-Id: I48c7a268925bb821ea15e58db5d4bfb211c40c09
2022-06-30vcl: check if listener valid on disconnect cleanupFlorin Coras1-1/+2
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie057d0d5a51d3226a1a188cf9d48a5d82dc4a3c7
2022-06-30misc: VPP 22.06 Release NotesAndrew Yourtchenko2-0/+606
Type: docs Change-Id: I15971b21fd660b4893218640c0d5e5a5247868f1 Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com> (cherry picked from commit 0d352a97c5e3ad1f5f6eab18a978a14b0b9e06a8)
2022-06-30vrrp: while delete vr can't delete multi virtual address.GaoChX1-1/+4
Here is bug example: vpp# create loopback interface loop0 vpp# vrrp vr add loop0 vr_id 1 priority 100 192.168.1.1 192.168.1.2 vpp# vrrp vr del loop0 vr_id 1 vpp# vrrp vr add loop0 vr_id 1 priority 100 192.168.1.1 192.168.1.2 vrrp vr add: vrrp_vr_add_del returned -105 Type: fix Signed-off-by: GaoChX <chiso.gao@gmail.com> Change-Id: I3e0d086ac8fb52756339cff19b9a83911ec9748b
2022-06-30sr: SRv6 Path Tracing Sink node behaviorAhmed Abdelsalam1-0/+10
Type: feature Signed-off-by: Ahmed Abdelsalam <ahabdels@cisco.com> Change-Id: I2d3a0211abfee3501d3d77c80da20e67e1e9e133
2022-06-29vlib: enqueue_to_next_with_aux implementationMohammed Hawari4-37/+233
Change-Id: I0e1bb39d765ec3efa7b28ca02fb7beeb23607e51 Type: improvement Signed-off-by: Mohammed Hawari <mohammed@hawari.fr>
2022-06-29classify: use 32 bits hashBenoît Ganne11-55/+54
classify hash used to be stored as u64 in buffer metadata, use 32 bits instead: - on almost all our supported arch (x86 and arm64) we use crc32c intrinsics to compute the final hash: we really get a 32-bits hash - the hash itself is used to compute a 32-bits bucket index by masking upper bits: we always discard the higher 32-bits - this allows to increase the l2 classify buffer metadata padding such as it does not overlap with the ip fib_index metadata anymore. This overlap is an issue when using the 'set metadata' action in the ip ACL node which updates both fields Type: fix Change-Id: I5d35bdae97b96c3cae534e859b63950fb500ff50 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2022-06-29sr: code refactor and style fixAhmed Abdelsalam2-15/+14
Type: refactor Signed-off-by: Ahmed Abdelsalam <ahabdels@cisco.com> Change-Id: Iff5e85952273526d5c9d9e7e73bd2b6c15bcd7f6
2022-06-29svm: check svm_msg_q_size_to_alloc successOfer Heifetz1-0/+3
svm_msg_q_size_to_alloc must return a valid base address, if it fails pass up the error for handling Type: fix Change-Id: I408492f65f646862122acb9a187819b3bbf4f91c Signed-off-by: Ofer Heifetz <oferh@marvell.com>
2022-06-29sr: Add support for SRv6 Path Tracing InfrastructureAhmed Abdelsalam4-0/+350
This patch adds support for the infrastructure required to support SRv6 Path Tracing defined in https://datatracker.ietf.org/doc/draft-filsfils-spring-path-tracing/ Type: feature Change-Id: If3b09d6216490a60dd5a816577477b6399abc124 Signed-off-by: Ahmed Abdelsalam <ahabdels@cisco.com>
2022-06-29hsa: reduce number of preallocated vcl test server sessionsFlorin Coras2-1/+2
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I7afc6116ca9a609992f26d9e78084732bba1b2ea
2022-06-29ipsec: add fast path python testsFan Zhang2-0/+782
This patch introduces set of python tests for fast path, based on flow cache tests. There was a bug in calculating of policy mask when adding to fast path, which has been fixed. Memory size for bihash tables for both ip4 and ip6 outbound fast path policies has been increased. Type: feature Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: Ibeee904ae7179f5dafbd45bb44282436f0b80821
2022-06-29tests: add ipsec flow performance unit testPiotr Bronowski1-0/+309
This patch adds performacne and functional tests for ip4 outbound traffic policy matching. Test setup is configurable in startup.conf and though the test parameters. Cache, fast path, fast path burst mode can be enabled and disabled, and performance for different lookup setup can be measured. Type: feature Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I1d04d196e412f47f43b7e5cbd46607bf6a9cc40e
2022-06-29ipsec: show fast path flag in cliFan Zhang1-8/+27
This patch updates the "show ipsec spd" cli to display policies maintained by fast path bihash table. Type: feature Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I58b9f92f3132dc9809b50786dc912e09c4b84d81
2022-06-29ipsec: add fast path configuration parserPiotr Bronowski1-2/+19
Parser can be configured from the level of startup.conf file: fast path can be enabled and disabled. Type: feature Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: Ifab83ddcb75bc44c8165e7fa87a1a56d047732a1
2022-06-29ipsec: add spd fast path matchingPiotr Bronowski3-0/+584
This patch adds matching functionality for spd fast path policy matching. Fast path matching has been introduced for outbound traffic only. Type: feature Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: I03d5edf7d7fbc03bf3e6edbe33cb15bc965f9d4e
2022-06-29ipsec: make match function inlinePiotr Bronowski2-145/+171
This patch introduces ipsec_output.h file. Matching implementation is moved there. The reason behind is the possibility of unit testing matching mechanism. Therefore we need to have functions that are in scope of our intrest there and since these are inline their implementation needs to be moved to the header file as well. Type: improvement Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Change-Id: Id7c605375d1f3be146abf96ef70d336a5d156444